Google has again decided to disclose a flaw in Microsoft software before the latter company could deliver a fix. Indeed, Microsoft has struggled to fix this problem.
Detailed here on Google's Project Zero bug-tracker, the flaw impacts the just-in-time compiler that Microsoft's Edge browser uses to execute JavaScript and makes …

Security researcher E. Foudil is pushing a scheme to make it easier for bug finders to notify companies about problems with their technology.
The idea revolves around “security.txt” - a simple text file, much like robots.txt, that contains information on whom to contact or where to look for security-related information about a …

More than three-quarters of vulnerabilities are publicly reported online before National Vulnerability Database publication.
News sites, blogs and social media pages as well as more remote areas of the web including the dark web, paste sites, and criminal forums first published bugs more often than NIST's centralised National …

Miscreants can turn the tables on Microsoft and use its own antivirus engine against Windows users – by abusing it to install malware on vulnerable machines.
A particularly nasty security flaw exists in Redmond's anti-malware software, which is packaged and marketed in various forms: Windows Defender, Windows Intune Endpoint …

For most of us, Saturday morning is a time for a lie in, a leisurely brunch, or maybe taking the kids to the park. But for some it's bug-hunting time.
Tavis Ormandy, a member of Google's crack Project Zero security team, was in the shower and thinking about LastPass – after finding a number of flaws in the password manager …

Yahoo!'s sale to Verizon has been delayed, following revelations last year of historical data security breaches.
News of the deferral of the $4.8bn Verizon deal came as Yahoo! released its Q4 earnings results on Monday. "Yahoo! had previously stated that it expected to close the transaction in Q1," it said. "However, given …

Automattic, the company behind content management and blogging platform WordPress, has complained that it can't reveal the full extent of state intelligence agencies' requests to probe users' accounts.
The company's new National Security report says that the company has recorded zero “national security requests” in 2015's …

Google has adjusted the terms of its controversial Project Zero vulnerability scouting effort, loosening its 90-day disclosure policy somewhat to give companies a better chance of fixing their security bugs before they become public knowledge.
Among the changes, Google says it will no longer disclose bugs on weekends and …

National security boosters have just taken a kick to the ego, with revelations that hackers can access exactly the kind of wiretap kit they believe should be deployed in every ISP and telco around the world.
The zero-day that's turned up in kit from New Jersey outfit NICE would give attackers access to wiretapped voice …

The Securities and Exchange Commission (SEC) invited security and finance experts to Washington yesterday to discuss cybersecurity issues and whether companies and stock markets should be required to immediately disclose attacks and invest in protecting their systems.
SEC commissioner Luis Aguilar said that the agency needed …

Megaupload founder Kim Dotcom has suffered another setback in his fight against extradition to America to face piracy charges, as the New Zealand Supreme Court denied his appeal to access the evidence the US feds have on him.
The top court decided [PDF] that Uncle Sam's prosecutors are not required to disclose the evidence …

A US judge has decided that Facebook, Mark Zuckerberg and a bunch of banks will face a lawsuit accusing them of misleading investors about its $16bn initial public offering.
District Judge Robert Sweet in Manhattan said that investors should be allowed to pursue their claims that Facebook and the banks running its IPO were …

Samsung's patent battles with Apple have taken an unexpected turn: the Korean conglomerate has been ordered to cough up email records and witnesses so that the court can determine if its lawyers have been playing fast and loose with confidentiality.
According to a court filing on Wednesday, Apple disclosed a number of patent …

Lawyers and judges must be properly trained on how best to examine electronic documents and email evidence or risk wasting vast sums of money in legal costs, a senior judge has warned.
Lord Justice Jackson, author of last year's in-depth report on legal costs in civil litigation, told a construction disputes conference in a …

Microsoft has implemented a new company policy requiring all employees to follow a detailed set of procedures when reporting security vulnerabilities in third-party products.
The practices are an evolution of the coordinated vulnerability disclosure doctrine it proposed in July. They're intended to simplify communication among …

The Australian Privacy Commissioner has delivered a 50-50 verdict in his report on breaches of customer privacy in Vodafone’s computer system.
On the one hand, the allegation that data on “four million Vodafone customers including their billing and call records were uploaded onto a publicly accessible website” has been found …

On August 10, 2007, a new section of the German Penal code went into effect. The statute, intended to implement certain provisions of the Council of Europe Treaty on Cybercrime, could be interpreted to make the creation or distribution of computer security software a criminal offense.
In the wake of the statute, numerous …

The cost of data breaches for UK firms has risen from an average of £47 per record in 2007 to £60 ($86) in 2008, according to a new survey. But figures from a Ponemon Institute study, sponsored by PGP, are orders of magnitude higher than losses booked following the infamous TJX security breach, raising questions over how much …